RELATED ARTICLES

Share this article

Though the data was encrypted, the password was written on a note that was attached to the device.

Mick Gorrill, assistant information commissioner, warned of a "complete disconnect" between procedures laid down by managers and practice "on the ground".

He told the newspaper: "Medical history is very sensitive personal data, which is likely to cause harm or distress.

"The law dictates they must keep this information confidential, but the NHS is by far the biggest offender within the public sector.

"There needs to be a recognition that this information affects real people and can cause real harm if lost."

A Department of Health spokesman said: "We can confirm we have received a letter from the Information Commisssioner which we will reply to in due course.

"The NHS locally has legal responsibility to comply with data protection rules and NHS organisations are expected to take data loss extremely seriously, be open about incidents and about the action taken as a result.

"David Nicholson, chief executive of the NHS, has written to all senior health managers reminding them of their responsibilities.

"Every effort is made to further improve data handling across the NHS. The security measures provided through the NHS IT modernisation programmes will minimise the risk while the modernisation of systems and services will improve the quality of care provided to patients.

"The Information Commissioner has full authority to prosecute in cases of data breaches.

"Typically, data losses are investigated locally by the police and, where appropriate, disciplinary action or prosecution can apply."